Reserve ephemeral ports that are expected by system services
Update sysctl.conf to reserve keystone and tiller ports so that any initial system processes do not claim these ports. These are also reserved in puppet and part of initial system provisioning. Change-Id: I3bae661348718df00f7b50ba15931281a744d473 Closes-Bug: #1869011 Related-Bug: #1851533 Signed-off-by: Robert Church <robert.church@windriver.com>
This commit is contained in:
parent
b95127d680
commit
de8d65efdf
|
@ -86,3 +86,14 @@ net.ipv4.tcp_keepalive_time = 5
|
|||
# Reduce this delay to 8 shortens this to ~100 seconds.
|
||||
net.ipv4.tcp_retries2 = 8
|
||||
|
||||
# Reserve ports in the ephemeral port range:
|
||||
#
|
||||
# Incorporate the reserved keystone port (35357) from
|
||||
# /usr/lib/sysctl.d/openstack-keystone.conf
|
||||
#
|
||||
# Helm v2.13.1 hardcodes the following Tiller ports when installed in the
|
||||
# k8s cluster: 44134 (server), 44135 (probe), 44136 (trace). Reserve them
|
||||
# from the ephemeral port range. This will avoid potential port conflicts
|
||||
# that will cause the tiller pod to crash when the port is assigned to
|
||||
# another client/server
|
||||
net.ipv4.ip_local_reserved_ports=35357,44134-44136
|
||||
|
|
Loading…
Reference in New Issue